Categories
The Week in Breach

The Week in Breach News: 13/07/22 – 19/07/22


It’s game over for security at Bandai Namco, human error causes a breach at a UK college and Lending Tree admits they’ve been breached.



Narragansett Bay Commission

Exploit: Ransomware

Narragansett Bay Commission: Utility Company

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.783 = Moderate

The Narragansett Bay Commission has been hit with a ransomware attack. The utility runs sewer systems in parts of the Providence and Blackstone Valley areas in Rhode Island.  A spokesperson for the company said that the company experiences the encryption of data on some computers and systems in its network. However, service was not interrupted, and the utility does not store customer payment data. No word on what data was stolen or if the Narragansett Bay Commission paid a ransom.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Experts have warned that utilities are key targets for cybercriminals looking for quick money.


Lending Tree

Exploit: Hacking

Lending Tree: Financial & Mortgage Services

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.672 = Severe

Mortgage giant Lending Tree, LLC recently confirmed that the company has experienced a data breach after cybercriminals discovered a code vulnerability on its website. According to a notice filed by the company, on June 3, 2022, Lending Tree discovered a code vulnerability on the company’s website that likely resulted in bad actors gaining access to sensitive personal information for customers. Lending Tree believes that the vulnerability was in place since mid-February 2022.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.703 = Severe

Exposed information varies depending on the individual, but may include client names, Social Security numbers, dates of birth and street addresses.

How It Could Affect Your Business The financial sector was at the top of the cybercriminal hit list in 2021 and that hasn’t changed in 2022.


Family Practice Center

Exploit: Hacking

Family Practice Center: Medical Clinic Operator

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.701 = Severe

Pennsylvania-based medical clinic chain Family Practice Center has experienced a data breach. The company filed a notice with the U.S. Department of Health and Human Services saying that on October 11, 2021, it was the target of a cyberattack that attempted to shut down its computer systems. This may have led to an unauthorized party gaining access to sensitive data about 83,969 patients.  

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.641 = Severe

The breached information includes a patient’s name, Social Security number, address, medical insurance information and health/ treatment information.

How It Could Affect Your Business: Medical facilities of all kinds should be strengthening security in response to non-stop threats in the sector.



United Kingdom – Morgan Hunt

Exploit: Supply Chain Risk

Morgan Hunt: Recruiting Firm

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.776 = Severe

British recruitment agency Morgan Hunt confirmed that it has experienced a data breach that resulted in intruders snatching personal data for some of the freelancers on its books. The recruiter pointed the finger at a third party service provider as the source of the problem. Impacted freelancers were sent a letter informing them of the incident.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.741 = Severe

The information accessed included contractors’ names, contact details, identity documents, proof of address documents (including any bank or building society statement provided), National Insurance number, and date of birth.

How it Could Affect Your Business: Cybercriminals are hungry for fresh stores of data, making service providers very attractive targets


United Kingdom – City College Norwich

Exploit: Human Error

City College Norwich: Institution of Higher Learning 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.304 = Severe

City College of Norwich is in hot water after an employee mistakenly sent the wrong information to a student’s family. A parent tipped off officials after they were sent an expected attachment in an email exchange with one of the college’s customer service team when she received an unanticipated attachment, a spreadsheet titled “P2E links for scheduled applicants”. That spreadsheet contained the personal data of hundreds of people associated with the college. The incident is under investigation.  

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.215 = Severe

The spreadsheet included names, telephone numbers, postal and email addresses and other identifying details of students and applicants.

How it Could Affect Your Business Humans will make mistakes, but training can help reduce the chance that employees make security errors like this one.



Japan – Bandai Namco

Exploit: Ransomware

Bandai Namco: Videogame & Toy Maker

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 1.929 = Severe

The ransomware group Black Cat is claiming responsibility for a ransomware attack that hit Japanese entertainment company Bandai Namco. The video gaming giant confirmed that the group’s companies in Asian regions, excluding Japan, were breached by a third party on July 3, 2022. Bandai Namco appeared on the cybercriminal operation’s dark web site immediately afterward. The company said that in a statement “It is a possibility that customer information related to the Toys and Hobby Business in Asian regions (excluding Japan) was included in the servers and PCs, and we are currently identifying the status about [the] existence of leakage, scope of the damage, and investigating the cause.” 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business Ransomware attacks on all sorts of businesses have soared in the last 12 months as cybercriminals search for new revenue streams.



Australia – Deakin University 

Exploit: Credential Compromise

Deakin University: Institution of Higher Learning

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.017 = Severe

Deakin University in Melbourne has experienced a data security incident. The username and password of a single staff member at Deakin University was hacked and then used to unlock private details of 46,980 past and current students. The hackers then used that data to send phishing messages to students. In the messages, the cybercriminals sent out two links, both of which took the student to a malicious form that phished for information including credit card details. The breach will be reported to the Office of the Victorian Information Commissioner (OVIC). 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.213 = Severe

Altogether, bad actors obtained the contact details of 46,980 past and current Deakin students. The haul included student names, IDs, mobile numbers, email addresses and even recent university results.

How it Could Affect Your Business Just one compromised credential can open organizations up to a world of hurt and an expensive security nightmare.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident

Leave a Reply